Gordon MacKay's Netwatch utility, which runs in a terminal window, is invaluable for watching network loads and for seeing, at a higher level than Ethereal, who is talking to whom on your network. As shown in Figure 2, Netwatch monitors network bandwidth in terms of which hosts are producing and consuming packets.
Figure 2. Netwatch monitors network bandwidth. (Click on image for full-size view)
Another useful mode of Netwatch, seen in Figure 3, shows which ports are involved in the communications between hosts. This can be very useful in seeing if the client/server applications on your network are using the ports that you expect them to use.
It can also alert you to potential trouble if you see hosts using protocol slots that should never be seen on your network. For example, if you see a service (such as TCP or UDP port) that shouldn't be running, it could mean someone is running an unauthorized service on a machine (for example, a Quake game server) or that someone has broken in.
Figure 3. Netwatch monitors network bandwidth. (Click on image for full-size view)
Netwatch can also be used as a simple monitor to collect gross network statistics. I use Netwatch to gather statistics on my DSL connections to see how much bandwidth my virtual web-hosting clients are using.
What else is out there?
I mention Ethereal and Netwatch because I use them on my own systems and have found them quite useful. But they're just the beginning. There are an incredible number of tools and utilities out there. If these tools aren't right for troubleshooting your particular network problem, I would recommend looking at Freshmeat.net, a site dedicated to announcing what's new (and updated) in the Open Source universe.
Another good source is VA Linux's SourceForge, where large numbers of open source developers host their projects, including a number of network diagnosis and management tools. Enter a few choice keywords in the search boxes on these sites; you can get a good handle on what kinds of tools are available.
In addition to Ethereal and Netwatch, the GNOME project has announced a number of network tools, including tools such as Cheops by Mark Spencer. Cheops is a network discovery and mapping tool that can be invaluable for finding out what's on your network to begin with. Cheops builds a graphical network map that shows your network subnet by subnet, as shown in Figure 4.
Figure 4. Cheops maps your network subnet by subnet. (Click on image for full-size view)
In this screenshot, my home network is shown from the perspective of the machine running Cheops (my main workstation, called THX1138). Cheops can also probe SNMP daemons of hosts it discovers, as well as run a limited set of port-scans which can be useful for determining what services a given network object supports.
On a totally different front, if you are more of a do-it-yourself type, the Comprehensive Perl Archive Network (CPAN) is a great resource for network utility modules for the Perl programming language. There are Perl modules for everything from IP accounting through TCP and IP packet assembly/disassembly routines, which can be used to construct almost any kind of network tool you can dream up. There is a lot of very heavyweight programming involved in using many of these packages, so you'll want to have an up-to-date copy of Perl installed on your system.
Some words of caution
Linux, as we have seen, can do some really nifty network tricks, but it isn't all wine and roses. In the "old days" (like, six months ago) it usually wasn't a big deal if you put a random machine on your company's network. If you were a system administrator, you could probably even put a network sniffer up on your LAN to diagnose a network problem without too much of a hassle.
Today, with increasing sensitivity to cracker-attacks on systems/networks and the spotlight on computer security issues, corporate management is very gun-shy and have lawyers primed to overreact to the slightest problem whether perceived or real.
Some of the fear about network security is well grounded: Few networks are encrypted, and there's an awful lot of valuable information that can be gleaned with a network sniffer. However, if you're thinking it would be a clever idea to try it on your company's network, read on.
Before putting a sniffer or any other piece of network analysis hardware or software on your network, make sure that you have approval to do so. If you are planning to use any other tools (such as the password-cracking tool "crack," or a port-scanner like nmap) to ferret out weak passwords or search for other security holes, make sure that you have buy-in from your firms' legal and audit groups.
Make sure that approval is in writing on letterhead and signed by someone high on the food-chain. What used to be common systems management techniques have become deadly serious security breaches in the eyes of many managers. In a well-documented case, a rather well-known Perl book author (no, not Larry Wall) found out the hard way what happens when your boss decides to make a legal test case out of your life. He's been fighting to overturn a felony conviction for illegal computer access for the last several years because of it.
In an upcoming column I'll delve more deeply into the security issues and how you can use Linux systems -- with the appropriate approvals -- to make your systems and networks more secure.
Obviously it's impossible to do justice to the scope and breadth of the networking tools available for Linux in a short column. But hopefully this will give you a starting point in your own explorations of how Linux can make your network administration tasks a bit less taxing. In the sidebar, I've included links to the packages mentioned here, as well as starting points that will lead you to many more interesting network tools and projects available on the Internet.
What are your favorite Linux networking tools? Join the discussion in the O'Reilly Network Linux forum.